ISPCONFIG 3 password encryption

[jariasca]

Hi all,

I'm Developing a new management interface for my postfix for inhouse use.
does anybody know how is the ispconfig 3 password encrypted.

I'm using coldfusion 8

thanks
Jorge

[edge]

Yahooo.. An other CF8 users.

I think that ISPconfig is using PHP's md5 as encryption, but to make sure you better wait for one of the developers to answer your question.

[till]

The passwords in ispconfig are encrypted with "crypt" and a salt, thats the standard encryption on all Linux systems and ISPConfig uses this too.

[jariasca]

Hi, is there a way to get an example code nevermind if it is in php, or maybe you can tell me where in the source code of the ispconfig 3 can I see this encrpytion.

[mike_p]

Quote:

Originally Posted by till

The passwords in ispconfig are encrypted with "crypt" and a salt, thats the standard encryption on all Linux systems and ISPConfig uses this too.

Now I'm confused!
Looking at the source code in
/usr/local/ispconfig/interface/web/client/client_edit.php

I see

Code:

$sql = "UPDATE sys_user SET passwort = md5('$password') WHERE client_id = $client_id";

That suggests that the system users' passwords are encrypted by mysql applying md5??

[till]

md5 is a fallback mechanism supported only for the sys_user table. Normally all passwords for all users (ssh, email, ftp and sys_user) are encrypted with crypt. Take a look at the /usr/local/ispconfig/interface/lib/classes/tform.inc.php file which handles the encryption for all password form fields.

[mike_p]

Thanks for the swift explanation!